Preliminary discussion: DB alias entries

Sam Hartman hartmans at MIT.EDU
Thu Mar 5 12:49:16 EST 2009

>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:

    Greg> Sam proposes separating the alias database from the
    Greg> principal database to facilitate integration.
I meant only within the db2 backend.

    Greg> If we go that route for DB2--say, using a second DB2
    Greg> database for aliases--how do people think LDAP aliases
    Greg> should be handled?  Perhaps a separate container DN for
    Greg> aliases?

I think that as several people have proposed an additional
multi-valued attribute will be appropriate.  In a lot of places I
think it will be reasonable for this attribute to live in the same
object.  The basic argument is that if your infrastructure is ldap
based, you probably have facilities for populating this sort of thing.
I think that long term you may need more flexibility, but a
multi-valued attribute seems like a good starting point.  I'm not sure
that a separate container DN would be more valuable and it seems like
a lot more work in cases where a multi-valued attribute would work.

More information about the krbdev mailing list